December 2005
Select the links for detailed information and removal tools for the latest viruses
W32.Dabora.B 12/30/05 2
W32.Feebs.B 12/23/05 2
W32.Mytob.MX 12/22/05 2
W32.Beagle.DB 12/22/05 2
W32.Beagle.DA 12/22/05 2
W32.Spybot.ACDM 12/22/05 2
W32.Feebs.A 12/21/05 2
W32.Beagle.CZ 12/20/05 2
Trojan.Lodear.G 12/20/05 2
W32.Dasher.D 12/19/05 2
W32.Dasher.C 12/16/05 2
W32.Beagle.CY 12/16/05 2
W32.Dasher.B 12/16/05 2
W32.Dasher.A 12/15/05 2
Trojan.Lodear.E 12/15/05 2
Trojan.Lodear.F 12/15/05 2
W32.Beagle.CX 12/15/05 2
W32.Dinoxi.B 12/11/05 2
W32.Dinoxi 12/10/05 2
W32.Spybot.ABDO 12/10/05 2
W32.Looksky.E 12/09/05 2
W32.Mytob.MR 12/07/05 2
W32.Mytob.MN 12/05/05 2
W32.Mytob.ML 12/02/05 2
W32.Mytob.ML@mm
Discovered
December 02, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.ML@mm
is a mass-mailing worm that opens a back door and lowers security settings
on the compromised computer.
Payload Trigger:
n/a
Payload: Opens a back door.
Large scale e-mailing: Uses its own SMTP client to mass-email itself to
addresses gathered from the compromised computer.
Degrades performance: Mass-mailing may degrade performance.
Compromises security settings: Modifies registry entries to lower security
settings.
Distribution
Subject of email: The subject varies.
Name of attachment: The attachment name varies.
Ports: TCP port 43287
Read
the full Symantec report here
W32.Mytob.MN@mm
Discovered
December 05, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.MN@mm
is a worm with back door capabilities that uses its own SMTP engine to
send an email to addresses that it gathers from the compromised computer.
Payload Trigger:
n/a
Payload: Opens a back door.
Large scale e-mailing: Uses its own SMTP engine to mail copies of itself
to email addresses gathered from the compromised computer.
Degrades performance: Mass-mailing may degrade performance.
Causes system instability: Process termination may cause system instability.
Compromises security settings: Ends process and blocks access to security-related
Web sites.
Distribution
Subject of email: Account Alert
Name of attachment: There is no attachment, but there is an embedded link
which is malicious.
Ports: Random TCP ports.
Read
the full Symantec report here
W32.Mytob.MR@mm
Discovered
December 07, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.MR@mm
is a mass-mailing worm that opens a back door and lowers security settings
on the compromised computer.
Payload Trigger:
n/a
Payload: Opens a back door and allows a remote attacker to have unauthorized
access to the compromised computer.
Large scale e-mailing: Creates a mass-mailing of itself.
Modifies files: Modifies the hosts file to lower security settings.
Degrades performance: Mass mailing routine may degrade network performance
and clog mail servers.
Compromises security settings: Adds text to the hosts file to block access
to security-related Web sites.
Distribution
Subject of email: Varies
Name of attachment: Varies
Ports: TCP port 6667
Read
the full Symantec report here
W32.Looksky.E@mm
Discovered
December 09, 2005
Systems Affected: All Windows32 Systems
W32.Looksky.E@mm
is a mass-mailing worm that drops additional malware and lowers security
settings on the compromised computer.
Payload Trigger:
n/a
Payload: May install a back door component.
Large scale e-mailing: Sends a copy of the worm to all email addresses
gathered from the compromised computer.
Releases confidential info: Logs keystrokes and posts local system information.
Compromises security settings: Attempts to bypass firewall settings.
Distribution
Subject of email: Your mail Account is Suspended
Name of attachment: acc_info1.exe
Read
the full Symantec report here
W32.Spybot.ABDO
Discovered
December 10, 2005
Systems Affected: All Windows32 Systems
W32.Spybot.ABDO
is a worm that has distributed denial of service and back door capabilities.
The worm spreads by copying itself to network shares protected by weak
passwords, by exploiting vulnerabilities, and by sending links pointing
to a copy of the worm through AOL Instant Messenger.
Payload Trigger:
n/a
Payload: Opens a back door on the compromised computer.
Degrades performance: Performs denial of service attacks and downloads
and executes remote files, which may degrade performance.
Compromises security settings: n/a
Distribution
Ports: TCP port 53.
Read
the full Symantec report here
W32.Dinoxi
Discovered
December 10, 2005
Systems Affected: All Windows32 Systems
W32.Dinoxi
is a worm that opens a back door on the compromised computer. It spreads
via AOL instant messenger, by sending a link to all available contacts
on the user's contact list.
Payload Trigger:
n/a
Payload: Opens a back door on the compromised computer.
Compromises security settings: Lowers security settings by disabling various
Windows security features.
Read
the full Symantec report here
W32.Dinoxi.B
Discovered
December 11, 2005
Systems Affected: All Windows32 Systems
W32.Dinoxi.B
is a worm that spreads via AOL instant messenger by sending a link to
all available contacts on the user's contact list and opens a back door
on the compromised computer.
The worm also spreads through various peer to peer file sharing applications.
Payload Trigger:
n/a
Payload: Opens a back door on the compromised computer.
Compromises security settings: Lowers security settings by disabling various
Windows security features.
Distribution
Target of infection: Spreads via AOL instant messenger and through peer
to peer file sharing applications.
Read
the full Symantec report here
W32.Beagle.CX@mm
Discovered
December 15, 2005
Systems Affected: All Windows32 Systems
W32.Beagle.CX@mm
is a mass-mailing worm that uses its own SMTP engine to send out copies
of another threat, Trojan.Lodear.E. The worm also opens a back door on
the compromised computer using TCP port 80 and lowers security settings.
Payload Trigger:
n/a
Payload: Attempts to download and execute remote files.
Large scale e-mailing: Mass-mails a copy of another threat to addresses
contained in a downloaded file.
Compromises security settings: Deletes registry entries that may be security-related.
Distribution
Subject of email: Varies
Name of attachment: Varies
Ports: TCP port 25
Read
the full Symantec report here
Trojan.Lodear.F
Discovered
December 15, 2005
Systems Affected: All Windows32 Systems
Trojan.Lodear.F
is a Trojan horse that attempts to download remote files.
Payload Trigger:
n/a
Payload: Downloads and executes remote files.
Distribution
Ports: TCP Port 80
Read
the full Symantec report here
Trojan.Lodear.E
Discovered
December 15, 2005
Systems Affected: All Windows32 Systems
Trojan.Lodear.E
is a Trojan horse that attempts to download remote files.
Payload Trigger:
n/a
Payload: Downloads and executes remote files.
Distribution
Name of attachment: Varies
Read
the full Symantec report here
W32.Dasher.A
Discovered
December 15, 2005
Systems Affected: All Windows32 Systems
W32.Dasher.A
is a worm that exploits the Microsoft Windows Distributed Transaction
Coordinator Remote Exploit (as described in Microsoft Security Bulletin
MS05-051) on TCP port 1025.
The worm arrives as a self-extracting RAR file.
Payload Trigger:
n/a
Payload: Degrades performance.
Degrades performance: Spreads by exploiting remote vulnerabilities which
may degrade performance.
Distribution
Ports: TCP Port 1025
Read
the full Symantec report here
W32.Dasher.B
Discovered
December 16, 2005
Systems Affected: All Windows32 Systems
W32.Dasher.B
is a worm that exploits the Microsoft Windows Distributed Transaction
Coordinator Remote Exploit (as described in Microsoft Security Bulletin
MS05-051) on TCP port 1025.
Payload Trigger:
n/a
Payload: Opens a back door and allows a remote attacker to have unauthorized
access to the compromised computer.
Degrades performance: Spreads by exploiting remote vulnerabilities which
may degrade performance.
Distribution
Ports: TCP ports 1025, 53 and 21211
Read
the full Symantec report here
W32.Beagle.CY@mm
Discovered
December 16, 2005
Systems Affected: All Windows32 Systems
W32.Beagle.CY@mm
is a mass-mailing worm that uses its own SMTP engine to send out copies
of another threat, Trojan.Lodear.F. The worm also opens a back door on
the compromised computer using TCP port 80 and lowers security settings.
Payload Trigger:
n/a
Payload: Attempts to download and execute remote files.
Large scale e-mailing: Mass-mails a copy of another threat to addresses
contained in a downloaded file.
Compromises security settings: Deletes registry entries that may be security-related.
Distribution
Subject of email: Varies
Name of attachment: Varies
Ports: TCP Port 25 and TCP Port 80
Read
the full Symantec report here
W32.Dasher.C
Discovered
December 16, 2005
Systems Affected: All Windows32 Systems
W32.Dasher.C
is a worm that lowers security settings on the compromised computer. It
spreads by exploiting the Microsoft Windows MSDTC Memory Corruption Vulnerability
(as described in the Microsoft Security Bulletin MS05-051) on TCP port
1025.
Payload Trigger: n/a
Payload: Opens a back door and allows a remote attacker to perform unauthorized
actions on the compromised computer.
Degrades performance: Spreads by exploiting a vulnerability, which may
degrade the compromised computer's performance.
Compromises security settings: Ends security-related processes.
Distribution
Ports: TCP ports 53, 1025, and 21211
Read
the full Symantec report here
W32.Dasher.D
Discovered
December 19, 2005
Systems Affected: All Windows32 Systems
W32.Dasher.D
is a worm that disables services on the compromised computer. It spreads
by exploiting various remote vulnerabilities.
Payload Trigger: n/a
Payload: Opens a back door and allows a remote attacker to perform unauthorized
actions on the compromised computer.
Degrades performance: Spreads by exploiting a vulnerability, which may
degrade the compromised computer's performance.
Compromises security settings: Ends security-related processes.
Distribution
Ports: TCP port 53, TCP port 1025, and TCP port 42.
Read
the full Symantec report here
Trojan.Lodear.G
Discovered
December 20, 2005
Systems Affected: All Windows32 Systems
Trojan.Lodear.G
is a Trojan horse that attempts to download remote files.
The Trojan may arrive as an email attachment with one of the following
names, containing a file named s3700026.exe:
- Thomas.zip
- Henry.zip
- William.zip
- Nicholaus.zip
- Edward.zip
- Katheryne.zip
- Nathanyell.zip
- Michael.zip
- Anthonye.zip
- Mychaell.zip
- Danyell.zip
Payload Trigger:
n/a
Payload: n/a
Degrades performance: Downloading a remote file may impact network performance.
Distribution
Ports: Downloads file using TCP port 80.
Read
the full Symantec report here
W32.Beagle.CZ@mm
Discovered
December 20, 2005
Systems Affected: All Windows32 Systems
W32.Beagle.CZ@mm
is a mass-mailing worm that uses its own SMTP engine to send out copies
of another threat, Trojan.Lodear.G. The worm also opens a back door on
the compromised computer using TCP port 80 and lowers security settings.
Payload Trigger:
n/a
Payload: Attempts to download and execute remote files.
Large scale e-mailing: Mass-mails a copy of another threat to addresses
contained in a downloaded file.
Distribution
Subject of email: Varies
Name of attachment: Varies
Ports: TCP Port 25 and TCP Port 80
Read
the full Symantec report here
W32.Feebs.A
Discovered
December 21, 2005
Systems Affected: All Windows32 Systems
W32.Feebs.A
is a worm that attempts to spread through file-sharing networks. It lowers
security settings on the compromised computer.
Payload Trigger:
n/a
Payload: Copies itself to network shares and lowers security settings.
Compromises security settings: Ends security-related programs, stops
services, and disables the Windows Firewall.
Read
the full Symantec report here
W32.Spybot.ACDM
Discovered
December 22, 2005
Systems Affected: All Windows32 Systems
W32.Spybot.ACDM
is a worm that has distributed denial of service and back door capabilities.
The worm spreads by exploiting vulnerabilities and by sending a message
containing a link to a copy of the worm to AOL Instant Messenger contacts.
Payload Trigger:
n/a
Payload: Opens a back door and allows a remote attacker to have unauthorized
access to the compromised computer.
Degrades performance: May allow a remote attacker to initiate denial of
service attacks from the compromised computer, which can affect performance.
Causes system instability: May download and execute files, and delete
network shares.
Compromises security settings: Lowers security settings by modifying security-related
registry entries.
Read
the full Symantec report here
W32.Beagle.DA@mm
Discovered
December 22, 2005
Systems Affected: All Windows32 Systems
W32.Beagle.DA@mm
is a mass-mailing worm that uses its own SMTP engine to send out copies
of another threat, Trojan.Lodear.G. The worm also opens a back door on
the compromised computer using TCP port 80 and lowers security settings.
Payload Trigger:
n/a
Payload: Opens a back door.
Large scale e-mailing: Attempts to email a copy of another threat, Trojan.Lodear.G.
Compromises security settings: Attempts to delete security-related registry
subkeys.
Distribution
Subject of email: Varies
Name of attachment: Varies: Attachment contains an executable file named
S3700026.exe or DFC00027.exe.
Ports: TCP Ports 80 and 25.
Read
the full Symantec report here
W32.Beagle.DB@mm
Discovered
December 22, 2005
Systems Affected: All Windows32 Systems
W32.Beagle.DB@mm
is a mass-mailing worm that uses its own SMTP engine to send out copies
of another threat, Trojan.Lodear. The worm also opens a back door on the
compromised computer using TCP port 80 and lowers security settings.
Payload Trigger:
n/a
Payload: Opens a back door.
Large scale e-mailing: Attempts to email a copy of another threat, Trojan.Lodear.
Compromises security settings: Attempts to lower security settings.
Distribution
Subject of email: Varies
Name of attachment: Varies: Attachment contains an executable file named
1FC02132.exe
Ports: TCP Ports 25 and 80
Read
the full Symantec report here
W32.Feebs.B
Discovered
December 23, 2005
Systems Affected: All Windows32 Systems
W32.Feebs.B@mm
is a mass-mailing worm that also spreads through file-sharing networks
and lowers security settings on the compromised computer. The worm may
also send confidential information to a remote attacker via FTP.
Payload Trigger:
n/a
Payload: n/a
Large scale e-mailing: Sends a copy of itself to addresses gathered from
the compromised computer.
Releases confidential info: Sends confidential information to a remote
attacker via FTP.
Compromises security settings: Lowers security settings by stopping security-related
services.
Distribution
Subject of email: Varies.
Name of attachment: Varies.
Ports: TCP port 80.
Shared drives: Copies itself to folders containing the string "share".
Read
the full Symantec report here
W32.Mytob.MX@mm
Discovered
December 22, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.MX@mm
is a mass-mailing worm that also spreads through network shares.
Payload Trigger:
n/a
Payload: Opens a back door.
Large scale e-mailing: Sends itself as an email attachment.
Degrades performance: Mass-mailing may degrade performance.
Distribution
Subject of email: Varies
Name of attachment: Varies
Ports: TCP Port 7000
Read
the full Symantec report here
W32.Dabora.B@mm
Discovered
December 30, 2005
Systems Affected: All Windows32 Systems
W32.Dabora.B@mm
is a mass-mailing worm that mimics financial Web sites.
Payload Trigger:
n/a
Payload: The emails contain a URL that will download a copy of the worm
if it is visited.
Large scale e-mailing: Sends a large volume of emails using its own SMTP
engine.
Degrades performance: Creates a mass-mailing of itself which may clog
mail servers or degrade network performance.
Causes system instability: Creates a mass-mailing of itself which may
impact the compromised computer's performance.
Distribution
Subject of email: Varies
Read
the full Symantec report here